Non-profit privateness advocacy group “None of Your Business” (noyb) has filed six complaints towards TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European consumer’s knowledge to China and infringing European Union’s common knowledge safety regulation (GDPR).
Based by Austrian privateness activist Max Schrems, NOYB works by authorized motion towards firms that violate customers’ privateness rights, notably in areas like knowledge transfers, on-line monitoring, and surveillance.
noyb filed the complaints at knowledge safety authorities (DPAs) in Greece, Italy, Belgium, the Netherlands, and Austria on behalf of customers in the identical international locations.
Within the paperwork, the non-profit highlights that China collects citizen knowledge aggressively and processes it with out restrictions, which is towards European Union’s knowledge safety legislation.
In line with the GDPR, knowledge transfers exterior the European house ought to solely be allowed as exceptions, and proof that the info is strictly protected against unauthorized state (or different) entry must be produced.
“Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU,” said noyb’s knowledge safety lawyer, Kleanthi Sardeli.
In line with noyb, the Chinese language firms are in violation of Chapter V of the GDPR, particularly Articles 44 (common switch rules), 46 (lack of safeguards), and 46 (1) (failure to conduct sufficient impression assessments).
The lawyer additionally said that the firms have to adjust to knowledge entry requests from the China’s state authorities with no justification or limiting the provision below sure circumstances.
noyb underlines that Xiaomi has beforehand admitted by public transparency experiences that authorities in China can request and procure “unlimited” to non-public consumer knowledge.
Along with this danger, noyb additionally mentions that European customers have their knowledge entry requests ignored by the mentioned firms, which constitutes a violation of GDPR Article 15.
The article provides folks the suitable to ask the controller, the six Chinese language companies on this case, to tell them what private knowledge they maintain and the needs of processing it.
Given the above, noyb has now filed the next GDPR complaints throughout 5 European international locations:
The group requests the info safety authorities to demand the quick suspension of knowledge transfers to China and to convey their knowledge processing practices in alignment with the GDPR necessities.
For GDPR violations the info safety authorities might discover throughout their examination of the out there proof, the mentioned firms may very well be known as to pay administrative fines reaching as much as 4% of their world annual income.
For Xiaomi and Temu, the fines may attain a most of $1.75 and $1.35 billion respectively.
BleepingComputer has contacted all six Chinese language companies for a touch upon noyb’s motion, and we are going to replace this put up if and after we obtain a response.
